227 matches found
CVE-2013-3507
The NeDi component in GroundWork Monitor Enterprise 6.7.0 allows remote authenticated users to obtain sensitive information via a direct request for 1 a configuration file, 2 a database dump, or 3 the Tomcat status context...
CVE-2013-3507
The CVE-2013-3507 issue affects GroundWork Monitor Enterprise 6.7.0 via the NeDi component. The vulnerability allows remote authenticated users to disclose sensitive information by directly requesting one of three resources: (1) a configuration file, (2) a database dump, or (3) the Tomcat status ...
CVE-2013-3508
html/System-Files.php in the System File Overview feature in the NeDi component in GroundWork Monitor Enterprise 6.7.0 allows remote authenticated users to execute arbitrary commands via vectors involving file editing...
CVE-2013-3509
CVE-2013-3509 affects GroundWork Monitor Enterprise 6.7.0 (NeDi component). The issue is in html/System-NeDi.php: remote authenticated users can execute arbitrary commands via shell metacharacters in the scan functionality under System/NeDi. Impact details are not expanded beyond the description ...
CVE-2013-3511
The connected documents confirm an open redirect vulnerability in the NeDi component of GroundWork Monitor Enterprise 6.7.0. Impact described as attackers redirecting users to arbitrary sites, enabling phishing via unspecified vectors. No concrete remediation steps or affected version details bey...
SEC Consult SA-20130308-1 :: Multiple vulnerabilities in GroundWork Monitor Enterprise (part 2)
SEC Consult Vulnerability Lab Security Advisory 20130308-1 ======================================================================= title: Multiple high risk vulnerabilities part 2 product: GroundWork Monitor Enterprise vulnerable version: 6.7.0 fixed version: none - optional technical bulletin...
GroundWork Monitor Enterprise 6.7.0 SQL Injection / Command Execution
GroundWork Monitor Enterprise version 6.7.0 suffers from remote SQL injection, file disclosure, command injection, and cross site scripting vulnerabilities. This is the second of two advisories documenting all the issues in GroundWork. Detailed proof of concepts were removed by the author because...